Cleanup neutron default security groups on tenant deletion
This fix cleanups tenant default security groups that are
automatically created and must be deleted on tenant deletion
Change-Id: Ifcf5ec0391799110f158d113f1b6db8a55a31da9
Closes-Bug: #1283083
diff --git a/tempest/common/isolated_creds.py b/tempest/common/isolated_creds.py
index dca1f86..02c50e4 100644
--- a/tempest/common/isolated_creds.py
+++ b/tempest/common/isolated_creds.py
@@ -134,6 +134,8 @@
self.identity_admin_client.users.delete(user)
def _delete_tenant(self, tenant):
+ if CONF.service_available.neutron:
+ self._cleanup_default_secgroup(tenant)
if self.tempest_client:
self.identity_admin_client.delete_tenant(tenant)
else:
@@ -376,6 +378,22 @@
LOG.warn('network with name: %s not found for delete' %
network_name)
+ def _cleanup_default_secgroup(self, tenant):
+ net_client = self.network_admin_client
+ if self.tempest_client:
+ resp, resp_body = net_client.list_security_groups(tenant_id=tenant,
+ name="default")
+ else:
+ resp_body = net_client.list_security_groups(tenant_id=tenant,
+ name="default")
+ secgroups_to_delete = resp_body['security_groups']
+ for secgroup in secgroups_to_delete:
+ try:
+ net_client.delete_security_group(secgroup['id'])
+ except exceptions.NotFound:
+ LOG.warn('Security group %s, id %s not found for clean-up' %
+ (secgroup['name'], secgroup['id']))
+
def _clear_isolated_net_resources(self):
net_client = self.network_admin_client
for cred in self.isolated_net_resources:
diff --git a/tempest/tests/test_tenant_isolation.py b/tempest/tests/test_tenant_isolation.py
index eddbb1d..48c523e 100644
--- a/tempest/tests/test_tenant_isolation.py
+++ b/tempest/tests/test_tenant_isolation.py
@@ -272,6 +272,13 @@
@mock.patch('tempest.common.rest_client.RestClient')
def test_network_cleanup(self, MockRestClient):
+ def side_effect(**args):
+ return ({'status': 200},
+ {"security_groups": [{"tenant_id": args['tenant_id'],
+ "name": args['name'],
+ "description": args['name'],
+ "security_group_rules": [],
+ "id": "sg-%s" % args['tenant_id']}]})
iso_creds = isolated_creds.IsolatedCreds('test class',
password='fake_password')
# Create primary tenant and network
@@ -341,7 +348,23 @@
return_value=return_values)
port_list_mock.start()
+ secgroup_list_mock = mock.patch.object(iso_creds.network_admin_client,
+ 'list_security_groups',
+ side_effect=side_effect)
+ secgroup_list_mock.start()
+
+ return_values = (fake_http.fake_httplib({}, status=204), {})
+ remove_secgroup_mock = self.patch(
+ 'tempest.services.network.network_client_base.'
+ 'NetworkClientBase.delete', return_value=return_values)
iso_creds.clear_isolated_creds()
+ # Verify default security group delete
+ calls = remove_secgroup_mock.mock_calls
+ self.assertEqual(len(calls), 3)
+ args = map(lambda x: x[1][0], calls)
+ self.assertIn('v2.0/security-groups/sg-1234', args)
+ self.assertIn('v2.0/security-groups/sg-12345', args)
+ self.assertIn('v2.0/security-groups/sg-123456', args)
# Verify remove router interface calls
calls = remove_router_interface_mock.mock_calls
self.assertEqual(len(calls), 3)